xl2tpd/xl2tpd-1.3.1-conf.patch

diff -Naur xl2tpd-1.3.1-orig/examples/chapsecrets.sample xl2tpd-1.3.1/examples/chapsecrets.sample
--- xl2tpd-1.3.1-orig/examples/chapsecrets.sample	2011-10-06 15:22:05.000000000 -0400
+++ xl2tpd-1.3.1/examples/chapsecrets.sample	2012-06-12 12:08:26.850851970 -0400
@@ -1,7 +1,10 @@
-# Secrets for authentication using CHAP
-# client        server  secret                  IP addresses
-jacco           *       "mysecret"              192.168.1.128/25
-*               jacco   "mysecret"              192.168.1.128/25
-sam             *       "rumpelstiltskin"       192.168.1.5
-*               sam     "rumpelstiltskin"       192.168.1.5
-
+# Secrets for authentication on server using CHAP
+# See /etc/ppp/options.xl2tpd on how to use Windows authentication
+# client	server	secret			IP addresses
+jacco		*	"mysecret"		192.168.1.128/25 # Dynamic IP
+sam		*	"rumpelstiltskin"	192.168.1.5	 # Static IP
+#
+# Secrets for authentication on client using CHAP
+# client	server	secret			IP addresses
+*		jacco	"mysecret"
+*		sam	"rumpelstiltskin"
diff -Naur xl2tpd-1.3.1-orig/examples/README xl2tpd-1.3.1/examples/README
--- xl2tpd-1.3.1-orig/examples/README	2011-10-06 15:22:05.000000000 -0400
+++ xl2tpd-1.3.1/examples/README	2012-06-12 12:08:26.850851970 -0400
@@ -1,2 +1,4 @@
-These are example files for use with xl2tpd. The xl2tpd*conf files are
-examples to use xl2tpd with Openswan's IPsec. See www.openswan.org
+These are example files for use with xl2tpd.
+
+Openswan carries config examples for use with l2tp-over-ipsec.
+See http://www.openswan.org/
diff -Naur xl2tpd-1.3.1-orig/examples/xl2tpd.conf xl2tpd-1.3.1/examples/xl2tpd.conf
--- xl2tpd-1.3.1-orig/examples/xl2tpd.conf	2011-10-06 15:22:05.000000000 -0400
+++ xl2tpd-1.3.1/examples/xl2tpd.conf	2012-06-12 12:27:00.922911049 -0400
@@ -14,6 +14,11 @@
 ; in the example below). Yet another IP address (local ip, e.g. 192.168.1.99)
 ; will be used by xl2tpd as its address on pppX interfaces.
 
+
+; IMPORTANT: always set listen-addr to a specific address, to work around a
+; udpfromto bug!!!
+
+
 [global]
 ; listen-addr = 192.168.1.98
 ;
@@ -24,14 +29,15 @@
 ;  when using any of the SAref kernel patches for kernels up to 2.6.35.
 ; ipsec refinfo = 30
 ;
-; forceuserspace = yes
+; force userspace = yes
 ;
 ; debug tunnel = yes
 
 [lns default]
 ip range = 192.168.1.128-192.168.1.254
 local ip = 192.168.1.99
-require chap = yes
+; leave chap unspecified for maximum compatibility with windows, iOS, etc
+; require chap = yes
 refuse pap = yes
 require authentication = yes
 name = LinuxVPNserver
diff -aur xl2tpd-1.3.1-orig/examples/ppp-options.xl2tpd xl2tpd-1.3.1/examples/ppp-options.xl2tpd
--- xl2tpd-1.3.1-orig/examples/ppp-options.xl2tpd	2011-10-06 15:22:05.000000000 -0400
+++ xl2tpd-1.3.1/examples/ppp-options.xl2tpd	2012-07-19 10:54:13.810503823 -0400
@@ -1,9 +1,10 @@
 ipcp-accept-local
 ipcp-accept-remote
-ms-dns  192.168.1.1
-ms-dns  192.168.1.3
-ms-wins 192.168.1.2
-ms-wins 192.168.1.4
+ms-dns  8.8.8.8
+# ms-dns  192.168.1.1
+# ms-dns  192.168.1.3
+# ms-wins 192.168.1.2
+# ms-wins 192.168.1.4
 noccp
 auth
 crtscts
@@ -15,3 +16,11 @@
 lock
 proxyarp
 connect-delay 5000
+# To allow authentication against a Windows domain EXAMPLE, and require the
+# user to be in a group "VPN Users". Requires the samba-winbind package
+# require-mschap-v2
+# plugin winbind.so
+# ntlm_auth-helper '/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 --require-membership-of="EXAMPLE\\VPN Users"' 
+# You need to join the domain on the server, for example using samba:
+# http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients-lucid.html
+